Maritime Security: Open to Risk?
The U.S. maritime sector offers an attractive target to terrorists. But the ocean community is taking steps to help protect maritime trade from catastrophic events.
"Terrorism is how war will be fought against the United States for the foreseeable future. Catastrophic terrorism is the weapon of choice for our enemies. They don't have the resources to attack us frontally, so they look for non-military targets. Those targets are our transportation, logistics, energy, and finance infrastructure."
This warning was issued at the U.S. Maritime Security Expo in New York earlier this fall by Stephen E. Flynn, author of the recently released book America the Vulnerable and the Jeane J. Kirkpatrick Senior Fellow for National Security Studies at the Council on Foreign Relations, Washington, D.C.
The maritime sector in general, and intermodal container traffic in particular, offer a very attractive target to terrorists "because of the richness of opportunity and the severe cascading effects of a major event," Flynn explained. "The maritime system has become the world's warehouse. Delay is not just inconvenient. It shuts down manufacturing and retailing.
"When an event occurs it will create concern about the safety of the whole system," Flynn said. "Our government will shut the system down for two weeks. This will collapse the global trade process."
While almost all maritime experts agree about the size of the terrorist threat, many point out that Flynn's container-centric focus omits exposure of Ro/Ro and bulk shipments, and the structure of the ships themselves.
"Even if we button down all containers, what's to stop terrorists from using other maritime conveyances for a weapon of mass destruction (WMD)?" says an operations manager at a major East Coast port. "Can we search every inbound vessel, every inbound shipment?"
Curtis Spencer, president of IMS Worldwide Inc. and a member of the Customs Operations Advisory Council (COAC) Technology Task Force, agrees with Flynn's assessment. "Government agencies are geared up for one thing—security. If Customs finds a WMD at one of our ports, Commissioner Bonner will shut down the entire port system.
"The labor slowdown in Long Beach two years ago gave us a glimpse of what would happen if our ports were closed—ships stacked up at port, cargo delayed, trade interrupted," he says.
"Our supply chain networks are built to be open, efficient, reliable, and low cost," Flynn said. "Security was always viewed as something that raised costs and closed the system. Now we have no choice but to go back and retrofit security into the system."
In the three years since the Sept. 11 terrorist attacks, U.S. and foreign governments, world customs authorities, and the maritime community have been working together to do just that. They have taken a number of steps aimed at protecting maritime trade from the kinds of catastrophic events to which Flynn refers.
On a global scale, the international maritime industry approved a new world standard for ship and port security. Called the International Ship and Port Facility Security Code (ISPS), the new rules took effect July 1, 2004.
ISPS is the first multilateral ship and port security standard ever created, and was instituted as security amendments to the International Convention for the Safety of Life at Sea 1974 (SOLAS). ISPS requires all nations to develop port and ship security plans with the aim of detecting and deterring acts that threaten maritime security.
In the United States, the Maritime Transportation Security Act of 2002 (MTSA) complements the ISPS. MTSA requires security plans for facilities and vessels that may be involved in a transportation security incident.
It also mandates installation of Automatic Identification System (AIS) equipment on ships. The equipment automatically sends detailed ship information to other ships and shore-based agencies. The AIS requirements begin to take effect Dec. 31, 2004.
Under this new regulatory system, if a ship arrives in the United States from a port or country determined not to be in compliance with ISPS standards, the vessel will be subject to a boarding offshore. Customs may impose additional restrictions regarding the vessel's transit.
"The U.S. Coast Guard cannot inspect every ship that comes into our ports," notes Richard Bank, an attorney with the law firm Thompson Coburn, Washington, D.C., and one of the original signatories to the 1974 SOLAS convention. "The ISPS certificate validates the safety level of the vessel, and accompanies the vessel."
In the United States, the MTSA is part of what Secretary of Homeland Security Tom Ridge calls a "layered" security system, which starts with the Container Security Initiative (CSI).
"Under CSI," explains Ridge, "U.S. Customs and Border Protection (CBP) inspectors are placed at the world's top seaports, where they work with their foreign counterparts to screen and label cargo as 'higher-risk' or 'low-risk' long before it reaches the United States."
The process is aided by the 24-Hour Rule, which requires electronic transmission of advance cargo manifests from U.S.-bound sea carriers one day in advance of loading.
"The information is run through our Automated Targeting System, which compares it against law enforcement data, the latest threat intelligence, and the ships' history," Ridge adds. "Finally, the higher-risk shipments are physically inspected for terrorist weapons and contraband prior to being released from the port of entry."
Today, CBP has inspectors at 19 foreign seaports around the world as part of the CSI program, and plans to add 14 more ports over the coming months. Once implemented, nearly 80 percent of all cargo containers headed for the United States will be prescreened before they depart from abroad.
Private Sector Gets Involved
A third program, the Customs-Trade Partnership Against Terrorism (C-TPAT) enlists private sector help in securing the entire supply chain. Under C-TPAT, companies assess the security of their supply chains and institute changes to bring them up to C-TPAT standards. As of September, approximately 7,000 participants were active in the program.
Customs promises companies that C-TPAT certification will accelerate the processing of their import shipments into this country—creating a kind of "green lane" through which their goods will pass quickly.
"The underlying basis of C-TPAT is to prevent the necessity of opening every box," says Bank. "C-TPAT helps Customs profile boxes to assess risk."
"Unfortunately, those benefits have yet to materialize," adds Spencer.
Others point out that CBP does not have the manpower to audit companies' C-TPAT compliance procedures, leaving the industry with a less-than- ideal "trust-but-don't-verify" program.
Customs' ultimate goal, Spencer says, is to inspect 20 to 50 percent of non-C-TPAT containers flowing into this country. That may be unrealistic.
"How do you do this when our ports are so short on space and congestion is such an issue?" he asks.
C-TPAT requires companies to vouch for the security pedigree of their suppliers, no matter how far removed. For companies sourcing from multiple layers of foreign suppliers, this requirement poses a real challenge.
"Companies have a very difficult time controlling and instituting security requirements on unrelated fifth- party suppliers, then validating that under C-TPAT," Spencer notes. "This is causing some companies to re-think their supplier base. Maintaining a large supplier base has simply become too much work."
Good Starting Point
"C-TPAT is a good starting point," says Lani Fritts, vice president, business development, Collaborative Network Services, Savi Technology, a logistics technology provider located in Sunnyvale, Calif. "Yes, people would like to see the program produce more specific benefits for participants and put more teeth into the audit process. But to go from zero oversight to having companies actively sort this out is a positive thing.
"CBP and the private sector need to continue to determine how they will take advantage of the structure in place to separate the good from the lazy," Fritts says.
Despite his criticisms of C-TPAT, Spencer still recommends that companies pursue certification. "In the big picture, you need to get C-TPAT-certified, if only for loss prevention and control reasons," he says.
For cargo containers in transit, DHS and other organizations are conducting a number of technology-based pilot programs.
For example, the DHS, Department of Transportation, and the Departments of State, Justice, and Commerce are working with business interests, ports, and the maritime industry to test container technology devices and business processes that will enable global container tracking and status assessment. DHS funds these efforts under a program called Operation Safe Commerce (OSC).
In May, 12 OSC intermodal shipping containers arrived at a national retailer's distribution center south of Seattle. The 12 containers traveled through the supply chain by truck from a remote location in Central America to a Pacific Coast port, arriving at the Port of Seattle, and finally by truck to the distribution center.
Each container was subjected to a modified loading process, container sealing, tracking and information gathering technologies, monitoring technology, and unplanned event alerts. The technologies used include web-enabled video, electronic container sealing, container environment monitoring, radio frequency identification (RFID) devices, electronic tracking, GPS satellite tracking, data consolidation, and event identification and alert software featuring centralized data with controlled access.
"A major challenge for shipping any container is to reduce the risk of unintended cargo insertion as the container is loaded and transported in the source country," notes Ray Castor, senior program manager at SAIC, an OSC technology participant. "These containers, as well as containers from other OSC supply chains, are implementing process and technology changes to reduce risks, and are evaluating these changes in real supply chain conditions."
Not to be outdone, the private sector is funding its own supply chain security pilot program called Smart and Secure Tradelanes (SST). This initiative deploys an end-to-end, supply chain security solution—from point of origin to point of delivery—across multiple global trade lanes. It involves several different types of container technology, including anti-intrusion sensor devices, satellite tracking systems, RFID technologies, and networked software.
All in all, SST includes more than 65 participants moving containers originating in Asia, North America, and Europe and travelling along 18 major trade lanes.
Lastly, the U.S. Coast Guard plays a significant role in America's maritime security network. In testimony before a Congressional committee on maritime security in late August, Rear Admiral Larry Hereth and James Sloan reported that the Coast Guard is leading an inter-agency effort to develop what it calls a comprehensive national Maritime Domain Awareness (MDA) plan and system architecture.
"The 9/11 Commission's report suggested that the government identify and evaluate transportation assets needing protection, set risk-based priorities for defending them, select practical and cost-effective ways of doing so, and develop a plan, budget, and funding to implement the efforts," Admiral Hereth said. "A comprehensive MDA plan will address this need."
The Coast Guard is establishing a network for receiving and distributing Automatic Identification System reports (position, speed, course, cargo) from ships using existing Vessel Traffic Services in 10 U.S. ports, waterways, and coastal areas. This initiative will expand to other strategically significant U.S. seaports and ultimately extend to nationwide coverage.
The Coast Guard is researching technologies and systems that track vessels entering, departing, or transiting U.S. waters and can track vessels bound for the United States from overseas.
Finally, the agency is increasing its presence in ports and coastal zones by adding more people and ships, and deploying resources more effectively through IT, information sharing, and intelligence support.
Beyond First Steps
Despite their imperfections, these and other efforts aimed at improving maritime security represent positive progress, says Fritts of Savi.
"The ISPS code was the fastest and most well- coordinated rollout on requirements of that scale that I have ever seen," he says. "The U.S. Coast Guard now has more clarity on its mission. And the World Customs Organization is taking a broader role in coordinating the efforts of regional customs groups and sovereign country customs to help them understand how to deal with threats while facilitating trade."
The other bright spot is that private companies have not stopped to wait for governments to tell them what to do. "Many private companies take security seriously from a brand issue and economics standpoint," Fritts says.
These efforts are not motivated entirely by altruism or the need for compliance. Leading companies have discovered that improved supply chain security pays off. A pilot study—funded by the Asia-Pacific Economic Cooperation (APEC), sponsored by the U.S. Trade and Development Agency, and conducted by consulting firm BearingPoint—determined that the financial benefits from added security measures range from $150 to $2,000 per container, depending on the value of goods being shipped.
Much of the work on improving maritime security has focused on the port, and fails to look beyond to the country at large.
"In any discussion of maritime security, the tendency is to look at the ports as a screen, and say, 'who cares after that?'" says Dennis Michael Egan of System Planning Corp., a container tracking technology provider in an Operation Safe Commerce pilot. "The reality is that the port itself is rarely the target; it is simply the way to get a WMD into the country. Terrorists want high-profile events that kill a lot of people. They're not that interested in the idea of attacking a port itself."
The Office of Management and Budget (OMB) points out this myopia in a recent report. "OMB cautions that we must not be overly attached to ports as our homeland defense posture," Egan says. "We have to get more involved in protecting rail, truck, and other critical infrastructure."
"The ISPS code, C-TPAT, the 24-Hour Rule are all good, but they are just a first step," Flynn argues. "Customs and Border Protection doesn't have the manpower to verify every company in the C-TPAT program, for example. So they have to take it on faith that the companies have done what they say they have."
"It's key to get to a suspect container before it is loaded onto a ship," says Egan. "If you don't, you start impacting the supply chain. Most ports don't have special quarantine areas for containers or ships that are not accepted, so you may have to shut down part of the port to isolate the ship and deal with the threat. This is a glaring hole in our maritime system."
Overall, Flynn believes a successful maritime security strategy should consist of five layers:
1. The birth certificate. Who stuffed the box? Where? What's in it?
2. The smart box. Technology applied to the box to enable position tracking and integrity monitoring such that route aberrations or status violations show up immediately.
3. Pre-loading container vetting. Drive containers through gamma radiation portals built into the port terminal. These allow agents to view contents without pulling the box out of its stack before being loaded onto a ship.
4. Vessel tracking en route.
5. On-arrival spot checks of containers at inbound port.
Flynn's point of view is container-centric. Even if all inbound containers are secured, others wonder if terrorists won't move on to compromising more of the millions of inbound shipments Flynn does not address. For example, no one is suggesting sealing off the Canadian and Mexican borders.
It appears that, in a post-Sept. 11 world, maritime security is open to risk. But that risk is just a component of the larger risks we all face.